Personal healthcare systems based on wearable/implantable medical devices are being increasingly deployed for a variety of diagnostic, monitoring, and therapeutic applications. A consequence of the increased functional complexity, software programmability, and wireless network connectivity of such devices is that they are now vulnerable to the security attacks that have plagued general-purpose computing systems. Recent demonstrations of security attacks on commercially deployed systems have significantly raised concerns about medical device security. Unfortunately, medical devices come with extreme size/power constraints and unique usage models, making it infeasible to simply borrow conventional security solutions.
This research focuses on developing a non-intrusive medical security monitor that snoops on all wireless communication to/from medical devices and uses multi-layered anomaly detection to identify potentially malicious transactions. While formal methods have been previously used to check for implementation flaws, they are not geared towards verifying the safety behavior of the medical device software in its interactions with the real world, which can expose logical flaws as well. The work investigates these interactions by transforming properties specified at the real-world interfaces (sensors and actuators) into program properties against which the medical device software can be verified.

The findings will be disseminated through conferences and journals. The hardware and software developed will be placed in the public domain, and disseminated to the industry. The knowledge developed will be integrated into various courses. Undergraduates will be encouraged to perform independent research on this topic. Fellowships and outreach programs will be leveraged to encourage participation of female and minority students.